Thanks everyone for the SSL encouragement. I'm going to have a quick re-read of Eric's book over the weekend and then start thinking about what sort of "easy to use" implementation I could do. I was thinking of doing a C++ implentation with classes and templates and stuff. (By contrast OpenSSL is a C implementation). Anyone got any thoughts on that? Also - anyone thinking of using something like this - could you post (in another thread maybe) suggestions as to what kind of "simple" interface you actually want? As in, what you want it to do? All suggestions gratefully considered, but in the light of comments in this list, I will /not/ turn it into bloatware just to satisfy all demands. (OpenSSL can do that). Finally - I'll need some help setting up a sourceforge thing as I've never set up an open source project before and don't really know how to go about that. Some advice on licensing wouldn't go amiss either. (GPL? ... LGPL? ... something else?)

Re Don's comments below:

This seems to me to a /serious/ flaw in the design of MSIE. What if Alice doesn't /have/ a CA because she can't afford their fees? (or she doesn't trust them, or for any other reason you might care to think of). In fact, if I've understood this correctly, if Alice uses MSIE, she can't even tell her browser to trust her own website, despite being in possession of not only her own public key, but her own secret key as well! What is it with MSIE that it would prefer to trust someone other than Alice about the authenticity of Alice's site !!!???

Okay guys - _this is a serious question_. Alice has a web site. Alice has a web browser which unfortunately happens to be MSIE. Alice wishes to view Alice's web site using Alice's browser (which is not on the same machine as the server). Alice does not wish to trust ANYONE else, but she does trust herself absolutely. How does she get the browser to display the padlock?

I wouldn't be at all surprised if the answer turns out to be "It can't be done". (That may not be a problem if other browsers don't have this design flaw, of course, since Alice can tell all of her friends "don't use Microsoft").


> -----Original Message----- > From: Don Davis [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 02, 2003 1:26 PM > To: Jill Ramonsky > Cc: [EMAIL PROTECTED] > Subject: RE: Monoculture > > > > Is it possible for Bob to instruct his browser to > > (b) to trust Alice's certificate (which she handed > > to him personally)? (And if so, how?) > > how it's done depends on the browser: > > in MSIE 5: Edit > Preferences.., > Web Browser > > Security > Certificate Authorities > > (there seems to be no way to tell MSIE 5 to > trust Alice's server cert for SSL connections, > except to tell MSIE 5 to trust Alice's CA.) >

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to